Self-contained programmable terminal for security systems

ABSTRACT

A security system is disclosed which utilizes plural remote terminals for controlling access at plural locations throughout a secured area or building. Each of these remote terminals is capable of independent functioning, and includes a memory for storing plural independent identification numbers which define the personnel who will be granted access. These numbers stored in the terminal memories may be different from terminal to terminal, or may be uniform throughout the system, and may be the same as a list stored at a central processing location. Thus, access may be limited to the same group of individuals regardless of whether it is provided by a central memory list or a remote memory list. The remote memories provide total memory flexibility, so that the deletion of identification numbers from the list does not reduce the memory size. The memory, in addition to identification numbers, stores data defining real time access limitations for each of the individuals who will be granted access, so that flexibility in time of day access control is provided on a programmable basis.

BACKGROUND OF THE INVENTION

This invention relates to security systems and, in the preferredembodiment, to magnetically encoded data card security systems in whichaccess at a secured location is controlled by a comparison of data on acard inserted by personnel into the system with data stored in thesystem and defining those persons who shall be granted access. Moreparticularly, this invention relates to a system in which, in additionto card data, keyboard data may be entered by persons wishing access,the keyboard data being a combination and permutation of the card data.In such a system, the present invention provides a substantially broaderdegree of flexibility in system control than was previously available,since it permits independent programming of terminals at each of pluralremote locations in a system where the remote terminals, under normalcircumstances, operate in conjunction with a central processor toregulate access. Thus, with this system flexibility, it is possible,even when communication is interrupted between the central processor andthe remote terminals, to limit access at the remote terminals inaccordance with either (a) the same identification list as is stored inthe main memory, (b) a more stringent list, or (c) a more liberal list,as the user desires. Such flexibility has not heretofore been available.Furthermore, the ability to program a memory list to define who shall beprovided access at each of the independent terminals, is accomplished inthe present invention in a manner which permits identification numbersto be added and deleted from the system without affecting the system'smemory capacity.

Security systems utilizing remote terminals to limit access atindividual remote locations have, in the past, utilized static magneticcard readers at these remote locations for controlling access throughelectrically operable devices, such as doors, turnstiles, printers, etc.Prior art systems have been devised in which the remote card readerscommunicate with a central data processor or operate as stand-aloneunits.

The card or badge bearing encoded data used for controlling access istypically inserted into a slot of a reader which reads and decodes thedata on the card. Advantageously, this data is encoded as a plurality ofmagnetically polarized spots in a sheet of magnetic material. Suchencoded data normally includes an identification number or numbersidentifying the card holder. During use, this number encoded by the cardis compared with a number or numbers stored in the central computerterminal in multi-terminal systems using central processors or at theremote locations in totally stand-alone systems, all to ascertainwhether the individual inserting the card is entitled to access to abuilding, room, parking lot, or the like.

In one prior art embodiment, the magnetically polarized spots are usedto directly actuate a read relay or other moving switch mechanismlocated within the reader. In the state-of-the-art system, as isexemplified by U.S. Pat. No. 3,686,479 entitled "Static Reader SystemFor Magnetic Cards", assigned to A-T-O, Inc., assignee of the presentinvention, electromagnetic solid state sensors are used. These sensorsare disclosed and claimed in U.S. Pat. No. 3,717,749, also assigned toA-T-O, Inc. These patents are hereby incorporated in this disclosure byreference. Such systems have been found to be very reliable and are inuse as access control systems in a number of different industries,universities, and government installations.

Operation of such systems as a part of a security network employing acentral processor is disclosed and claimed in U.S. Pat. No. 4,004,134,also assigned to A-T-O, Inc., and also incorporated herein by reference.This latter system incorporates a central processor which periodicallyand sequentially polls each of the remote terminals in the system. Theremote terminals are able to transfer data to the central processor onlyon receipt of a polling pulse. At the central terminal, data read at theremote location from an inserted card is compared with a master listwhich includes those persons who shall be given access at that remotelocation. Such systems, in the past, have permitted a limited degree ofremote terminal operation, even if some or all of the interconnectinglines between the remote terminal and the central processor have beeninterrupted. The systems, however, generally require that a much simplertest be made of persons wishing entrance during such degraded modeoperation, and thus the group of persons allowed access at such timesis, of necessity, much larger than would normally be granted access.This is a distinct disadvantage in such systems, since it does notpermit a controlled programmable access under all circumstances as isoften required in secured locations.

An improved system for providing degraded operation in such a centralprocessor-oriented system is disclosed and claimed in patent applicationSer. No. 830,002, filed Sep. 1, 1977, entitled "Circuit For ControllingAutomatic Off-Line Operation of An On-Line Card Reader", assigned toA-T-O, Inc., the assignee of the present invention, and incorporatedherein by reference. Even in that improved system, there is nosubstantial system flexibility regarding the persons who will be grantedaccess during degraded mode operation, and it is common in a system ofthat type to provide access during degraded mode operation to any personhaving a card coded for use within the overall security system, even ifit is not coded for use at this particular remote location.

The communication lines used in a security system of this type, where acentral processor is utilized for controlling the operation of pluralremote terminals, provide an even greater level of security if thecommunication lines are monitored to assure that they are not tamperedwith and that their integrity is not degraded. A system foraccomplishing this purpose is disclosed and claimed in U.S. patentapplication Ser. No. 827,994, filed Aug. 26, 1977, and entitled "SystemFor Monitoring Integrity of Communication Lines In Security SystemsHaving Remote Terminals", this application being assigned to A-T-O,Inc., the assignee of the present invention and incorporated herein byreference.

It has also been known in the prior art to include at the remotelocation a keyboard. Typically such keyboard systems require thatpersons wishing access, in addition to the insertion of a magneticallyencoded data card, are required to enter keyboard data, typically asequence of digits. These digits have typically comprised a particularpermutation and combination of the data encoded on the employee's card,the particular permutation and combination often being different fordifferent remote terminals. Some prior systems have used hardwiredpermutation and combination circuits which did not permit alterationafter the system was installed. A more advanced keyboard system, whichpermits programming of the particular permutation and combination afterinstallation, is disclosed and claimed in U.S. patent application Ser.No. 830,004, filed Sept. 1, 1977, entitled "Remotely ProgrammableKeyboard Sequence For A Security System", assigned to A-T-O, Inc., theassignee of the present invention and incorporated herein by reference.

While these systems disclosed in the prior art have provided arelatively flexible, sophisticated security network, certain persistentproblems have remained unsolved. One of these problems involves the factthat systems utilizing a central processor invariably provide verybroadly based access during degraded communication line operation. Inaddition, the prior art systems in which remote terminals are used tostore lists of identification numbers for selective access havepermitted changes in the access lists only at the expense of reducedmemory size since, in the prior art, the elimination of anidentification number from a memory storage location has typicallyrequired the destruction of that memory location.

In addition, those prior art systems which utilized real-time clocks forlimiting access through a particular terminal to different personnel atdifferent times of day, have been fairly limited in their flexibilityand typically required that a person be issued a new entrance card orbadge if his time of entry was to be changed. Such systems, therefore,greatly reduced the flexibility of real-time access control. Inaddition, such systems have not provided plural overlapping time zonesso that various personnel could be provided access at different times ofday which were not mutually exclusive.

SUMMARY OF THE INVENTION

The present invention solves these persistent problems in the prior artand provides, through their solution, an extremely powerful and flexibleterminal system for secured access control. This system includesindependent programmable identification listings at each of the pluralremote locations of those individuals who will be granted access at suchlocations. In addition, the system permits connection of a plurality ofthese remote terminals to a central processor which includes its ownprogrammable memory listing of personnel who will be provided access ateach of the remote locations. During normal operation, when a centralprocessor is used, this central memory is used to provide access at eachof the remote locations, since the use of a central processor permits aprinter to be added to the system, which printer provides a record ofpersonnel movement throughout the system on a continuous basis. Thecentral processor system also permits programming of each of the remoteunits from a central location and thus makes the system easier tocontrol and to operate.

Nevertheless, any difficulty in communication between the centralprocessor and the remote terminals in this system will not degrade thesystem operation, since a complete list of personnel who will beprovided access is stored in a programmable memory at the remotelocation. Thus, when faulty communication lines are detected, the systeminterrogates its own memory for access control, and the person insertinga card at the remote terminal has no way of determining that thecommunication lines are impaired.

Furthermore, the system of the present invention provides a flexible,solid state programmable memory which is operated in a manner whichmaintains identification numbers in numerical order within the memory.Such numerical ordering permits a binary search to be conducted so thatan efficient determination can be made to determine whether a particularnumber is stored in the memory. When a number is deleted from thememory, the remaining entries in the memory are shifted to close thedata order so that no voids remain. Thus, the end of the memory canalways be checked to determine whether there is room for additionalidentification numbers.

It will be appreciated, of course, that since the terminals of thepresent invention have the capability of such stand-alone operation,they can be used in a totally stand-alone application where no centralprocessor is provided. Even in such an application, these terminalspermit total programming flexibility at each of the remote locations. Itwill be appreciated that, utilizing a terminal of this type, a mixedsystem, some terminals centrally controlled and some operated asstand-alone units, is permissible utilizing the same terminal throughoutthe system. In addition, it is possible to install a plurality ofstand-alone terminals with the expectation that, at a later date assystem requirements increase, a central processor may be added tocontrol the already installed stand-alone remote terminals.

Whereas in the prior art systems which have time of day access control,a portion of a user's identification number typically included a time ofday code, the present system utilizes such a time of day code only incombination with a user's identification number in memory. Thus, theuser's card or badge does not itself define a time of day, and access atdifferent remote locations may be provided using a single card atdifferent times of day. In use, the present system responds to theinsertion of a card by finding the user's identification number inmemory and accessing an associated plurality of bits which determine thetimes of day at which access will be provided. If this defined time ofday conforms with the time of day as monitored by real time clockswithin the system, access will be provided. The time of day may bechanged by changing each of plural clocks within the clock systemitself. In addition, the particular clocks used for controlling accessfor each individual are programmable within the memory.

These and other advantages of the present invention are best understoodthrough a reference to the drawings, in which:

FIG. 1 is a schematic diagram of the overall system of the presentinvention showing the primary elements of a central processing unit andplural remote units;

FIG. 2 is a more detailed schematic diagram showing the operation of thememory, memory control, and real-time sensor of the remote terminals ofFIG. 1;

FIG. 3 is a flow chart showing the operation of an insertion loopcounter and its associated electronic elements, all of which are shownin FIG. 2;

FIG. 4 is a flow chart showing the sequential operation of a deletionloop counter and its associated electronics, all as shown in FIG. 2; and

FIG. 5 is a schematic block diagram illustration of a programmablemicroprocessor system utilizing a program as included in thisapplication for accomplishing the same basic functions provided by thehardwired embodiment of FIGS. 1-4.

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENT

Referring initially to FIG. 1, a central data processing unit 11 isshown connected to a particular remote terminal 13 by a pair of pollingand data lines 15,17 and a pair of data lines 19 and 21. The pollinglines 15 and 17, in a typical application, are unidirectional lineswhich enable the central data processing unit 11 to sequentiallyinterrogate and send data to a plurality of remote terminals 13, 23, 25,etc. to determine which of these remote terminals require servicing. Itwill be understood throughout the remainder of the specification in thisapplication that a large number of remote terminals may be connected toa single central processing unit 11 and that each of the remoteterminals 23 and 25 performs substantially the functions described belowwith reference to the remote terminal 13.

It should be understood that the lines 15,17 are a line pair, the line17, for example, providing a return for the line 15. Similarly, the line21 provides a return for line 19. Polling signals and data whichinitiate at the central processor 11 are communicated to the remoteterminal 13 on the line pair 15,17. Similarly, data signals produced atthe remote terminal 13 are communicated to the central processor 11 onthe line pair 19,21. It will be appreciated that words communicated onthe line pairs 15,17 and 19,21 are most advantageously connected withinthe central and remote units 11,13 to shift registers 27-33. Thus, datasequentially clocked from register 27 onto lines 15,17 may beself-clocked, as shown by line 35 into shift register 29. Similarly,data sequentially clocked from the shift register 33 may beself-clocked, as shown by the connection 37, into the shift register 31.

Although the details of a line integrity monitoring system are not shownin FIG. 1 (in order to maintain the clarity of this disclosure), such asystem is typically included in the communication system between thecentral processing unit 11 and the remote terminal 13, and is shown inFIG. 1 as a first line integrity monitor 39 within the remote terminal13 interconnected between the shift registers 29 and 33, and a secondline integrity monitor 41 in the central processing unit 11interconnected between the shift register 31 and the shift register 27.The details of the line integrity monitoring circuits 39 and 41 aredescribed in patent application Ser. No. 827,994, filed Aug. 26, 1977,mentioned previously. For the purpose of the present application, it issufficient to understand that the line integrity monitoring system 41causes the shift register 27 to sequentially poll the remote terminals13,23,25, etc. by sending a polling signal on the lines 15 and 17. Theremote terminals 13,23,25, etc., through the line integrity monitoringcircuitry 39, respond to these polling signals by providing acalculated, predetermined response which is transmitted by way of theshift register 33 and data lines 19 and 21 to the shift register 31.This data returned from the remote terminal and placed in a shiftregister 31 is compared by the line integrity monitoring circuit 41 todetermine whether an appropriate response has been received from theremote terminal and to thus verify the integrity of the lines15,17,19,21. It will be understood by those skilled in this art that thecontinued integrity of these data and communication lines is extremelyimportant, since systems built in accordance with the present inventionare used to limit personnel access and the line integrity monitoringcircuit 39,41 can provide an alarm, for example, at the centralprocessor 11, whenever an intruder (or other cause) has interfered withthe communication line network.

It is important to recognize at the outset of this disclosure that theremote terminal 13 is designed to operate as a stand-alone unit as wellas a remote terminal for a central processor 11, and that it cantherefore be utilized without the data communication lines 15 through21, as described below.

A card reader or sensor 43, located in the remote terminal 13,substantially is described and claimed in U.S. Pat. Nos. 3,686,479 and3,717,749, is used to sense magnetically encoded data on a card or badgeinserted into the card reader 43. This data is transmitted, as by a line45, to a buffer or storage register 47. In a typical system, the buffer47 provides storage for five decimal digits, each of which can be anyinteger between zero and nine. The communication of these five digitsrequires four binary digits each, so that the interconnecting line 45,as well as the buffer 47, must be a 20-bit wide device. Data from thecard inserted into the card reader 43 and supplying the 20 bits ofinformation is typically placed into the register In the system of thepresent invention, this data will either be compared with data in amemory 49 (in the remote unit 13) to determine whether the five-digitidentification number is present in the memory 49, or will be comparedwith data stored in the central processor 11, if it is connected. Adegraded mode sensor 42 is typically connected in series between thebuffer 47 and the memory 49 and is used to selectively send data fromthe buffer 47 via the shift register 33 to the central processor 11 ordirectly to the memory 49, depending upon the mode of operation of theterminal 13. If the terminal 13 is used as a stand-alone terminal, thedegraded mode sensor 42 is bypassed so that the buffer 47 is linkeddirectly to the memory system within the remote terminal. Alternatively,if the terminal 13 is used with a central processor, the degraded modesensor 42 normally transmits data from the buffer 47 to the centralprocessor unit via shift register 33 but can be used when thecommunication lines are degraded to transfer data from the buffer 47directly to the memory 49 within the remote terminal. The degraded modesensor may be substantially as described and claimed in patentapplication Ser. No. 830,002, filed Sept. 1, 1977, and referenced above.

If the memory 49 is being used, and stores an identification numberidentical to that in buffer 47, it will store, in conjunction with thenumber, a time code. This time code will be supplied by a memory controlcircuit 63, associated with the memory 49, to a real-time sensor circuit51 which provides real-time input for the remote terminal 13. If thereal-time input from the circuit 51 corresponds with the time data fromthe memory 49, the real-time circuit 51 will enable a gate 53 to provideaccess at the remote location, as through a door access control circuit54.

In this system it is possible to provide, in addition to the memory 49,a secondary means for screening personnel for access. This mechanismincludes a keyboard 55 attached to a buffer 57 and a circuit 59,referred to in FIG. 1 as an IDEC circuit. The IDEC circuit 59 isdescribed in detail in patent application Set. No. 830,004, filed Sept.1, 1977 and referred to previously. For the purpose of the presentapplication, it is sufficient to understand that the IDEC circuit 59requires that the person requiring access at the door 54 must input asequence of numbers at the keyboard 55, which is identical to aplurality of numbers read by the card reader 43, but altered insequence. The IDEC circuit responds to the data from the buffer 47 aswell as the data from the buffer 57 to assure that the proper digits inthe proper sequence are input at the keyboard 55. An output from theIDEC circuit 59 on line 61 is required at the gate 53, along with theoutput from the time of day circuit 51, in order to provide access atthe door 54. It should be noted that the IDEC system 59 within theterminal 13 may be used regardless of whether the memory 49 or thecentral processor 11 memory is used for identification numbercomparisons.

It will be understood by those skilled in the art that the buffer 47does not communicate directly with the memory 49, but rather isconnected to a memory control 63 which accesses data to and from thememory and organizes the data in memory. This memory control 63 isconnected to the keyboard 55 for programming purposes, as shown by line65, which is connected in series with a supervisor's access circuit 67.The supervisor's access circuit 67 is connected to the buffer 47 andassures that, unless a supervisor's card has been inserted in the cardreader 4,3, the keyboard 55 cannot be used to change the identificationnumbers or time zones stored in the memory 49. Thus, the keyboard 55 isconnected to the IDEC circuit 59 at all times, but is connected to thememory control circuit 63 only when a supervisor's card is used. Thesupervisor's access module 67 is described and claimed in patentapplication Ser. No. 827,993, filed Aug. 26, 1977, and referred toabove. Although not shown in detail in FIG. 1, it will be understoodfrom the description in that application that the circuit 67 comparesdata from the buffer with a register to determine whether a supervisor'scard has been inserted at the card reader 43, and permits access to thewrite logic incorporated in the memory control 63.

As has been common in the prior art, the central processor 11 mayinclude a memory 69 and memory control 71 as well as a keyboard 73.Thus, the central processor, by monitoring data received from the remoteunit 13 and placed in the shift register 31, may be used to grant ordeny access through appropriate polling signals supplied from the memory69 to the shift register 17. While the use, in general, of such a systemat the central processor 11 forms a part of the present invention, thedetails are well known. Thus, the programming of the memory 69 utilizingthe keyboard 73 and control 71 may be substantially identical to theprogramming described below for the memory 49 utilizing the memorycontrol 63 and keyboard 55 at the remote unit. Furthermore, it should beunderstood that, using the techniques for programming which aredescribed below, and well known communication techniques, it is possiblethrough the communication lines 15-21 to interconnect the keyboard 73with the memory control 63 in a standard fashion, so that the keyboard73 may be used to program the memory 49 in one of the remote units 13.

It will also be understood that it is common at the central processor 11to include a printer 73, typically connected to the memory control 71,for making a permanent record of access authorizations and denials ateach of the remote units 13, so that the flow of personnel throughoutthe security system can be monitored.

Referring to FIG. 2, the details of the memory 49, the memory control 63as well as the real-time sensor and its connections to the gate 53 anddoor access control 55, will be described.

The memory 49 is shown schematically in FIG. 2 to include five columnsof card identification data digits and a single column of time codedigits. The memory 49 stores in numerical sequence the five-digitidentification numbers corresponding to the cards or badges of thosepersonnel who are to be granted access at this remote terminal.Following each such identification number is a time code between 1 and 8delineating the times of day when that particular individual is to begranted access. This time of day control will be understood in moredetail through the description which follows.

The memory 49 is a read and write memory, or RAM memory, as is commonlyused in digital circuits and is accessed by means of an address buffer77 which forms a part of the memory control 63. A data buffer 79 isdirectly connected to the memory 49 and is used to access data from thememory 49 in accordance with the address 77. In the simplest utilizationof the memory 49, data from the card reader buffer 47 is supplied on aline 81 to a comparator 83 which is also supplied with data from thedata buffer 79. The comparator 83 is designed to provide a signal on aplus line 85 whenever the number accessed from the card reader buffer 47is smaller than the data from buffer 79, to provide a signal on a 5minus line 87 whenever the data from the buffer 47 is larger than thedata from the buffer 79 and to supply a signal on a zero line 89 whenthe data from the card reader buffer 47 is identical to the cardidentification data read from the data buffer 79. It will be understoodthat, since the time code data is not available from the buffer 47, onlythe card identification number portion, that is, the most-significantfive digits, from the memory 49 is compared in the comparator 83. If theidentification number from the buffer 47 is identical to theidentification number accessed from the memory 49, indicating that theidentification number from the card is present in the memory 49, a gate93 is enabled to transfer the last four binary bits, conducted from thedata buffer 79 on line 91, to the real-time sensor 51. This line 91carries the decimal digit 1 through 8 which identifies the time codewhen access is to be permitted for this particular individual. Thesignal on line 89 enables the gate indicating that the user'sidentification number is stored in memory.

It can be seen that the signal on line 89 is used to enable the gate 93to access the time code data to the real-time sensor 51. Except on rarecoincidences, the line 89 will not provide a signal, however, until asearch for this identification number has been completed.

A search is accomplished as follows. In all cases, the address buffer 77is initially accessed to the center location of the memory 49. This isaccomplished by a shift register 95 which includes nine bit positions,eight of which are filled by consecutive zeroes and one of which 5 isfilled by a one. The binary 1 is in the most-significant bit position atthe beginning of any data search. Thus, the binary number1,0,0,0,0,0,0,0,0 is accessed on a line 97 from the shift register 95and ORed in a gate 99 with a temporary address buffer 101 which, at thebeginning of the search, stores the nine-digit binary number0,0,0,0,0,0,0,0,0. This address is supplied to the address buffer 77 andselects the center position in the memory 49. In response to thisaccessing, the data buffer 79 is supplied with the center word in thememory 49, and 5 this word is automatically compared with theidentification number from the card data buffer 47. If theidentification number, accessed at this central point from the memory49, is smaller than the card identification number from the buffer 47, asignal will be produced on line 85 which will enable a gate 103 tosupply the data from the address buffer 77 to the temporary addressbuffer 101. The temporary address buffer 101 in this instance willcontain the word 1,0,0,0,0,0,0,0,0, designating the center location inmemory 49. The signal on line 85 is also supplied through an OR gate 105to a delay 107 which in turn clocks the shift register 95.

The shift register 95 is made recirculating by the connection 108, andthe 1 in the most-significant bit position is thus clocked to the secondmost-significant bit position. If, on the other hand, the numberaccessed at the central location in the memory 49 is larger than theidentification number from the buffer 47, a signal will be produced online 87 which will recirculate (using gate 105 and delay 107) by one bitthe shift register 95, but will not enable the gate 103. The number inthe address buffer 77 will thus not be supplied to the temporary addressbuffer 101.

This searching routine continues so that each time that the comparator83 produces a plus or minus output signal on line 85 or 87, the binarynumber in the shift register 95 is circulated by one count. Thecirculated number in this register 95 is ORed with the temporary addressbuffer 101, to change the address buffer 77 and thus address a newlocation in the memory. At the same time, the temporary address bufferis supplied with the additional digit from the shift register 95 only ifthe output from the comparator 83 indicates that the data is at a higheraddress location in the memory 49. Thus, the search continues, one bitat a time, in a normal binary search fashion. At each step, the nextmost-significant bit of the address buffer 77 is made a one if the datais at a higher address in the memory 49. Alternatively, the nextmost-significant bit of the address buffer 77 is made a zero if the datais at a lower address in the memory 49. This selective addressing isaccomplished by either enabling or not enabling, respectively, the gate103. Ultimately, this search process will locate the position in memory49 at which the data from the buffer 47 should be stored, and if suchdata is stored in the memory 49, the data buffer 79 will store the samecard identification number as is accessed on line 81, so that a zerosignal will be produced on line 89 to gate the time code to thereal-time sensor 51. Alternatively, if the search is completed, so thata binary one exists in the least-significant bit position of the shiftregister 97, this bit will be shifted on the last signal from the delay107 to the most-significant bit position. As the one digit is thusshifted by the line 108, it is coupled by line 109 to temporarilydisable a gate 111 which temporarily prohibits signals from the OR gate105 from again actuating the shift register 95, and the search is thusterminated. This same signal on line 109 is used to clear the temporaryaddress buffer 101.

If the search terminates without a zero signal being provided on line 89from the comparator 83, no signals are produced which will enable thegate 93, and access will not be permitted to the card holder. Obviously,at any time during the search that a zero signal is produced, the searchstops, since no signal is supplied to the OR gate 105, and access isimmediately permitted if the time of day code compares favorably withthe real time, as will be explained in more detail below.

The remainder of the circuitry associated with the memory controlcircuit 63 is utilized primarily for programming the memory 49 to add ordelete identification numbers from the memory 49 or to search the memory49 for programming purposes, so that the system user may provide accessat this remote location for only selected personnel. As previouslyexplained, a supervisor's card is utilized to provide program access,and this access supplies keyboard data from the program access controlcircuit 67 to a buffer 113, shown in FIG. 2. In a number of cases, theprogrammer will utilize the keyboard to place an identification numberin the buffer 113, followed by a code indicating the operation to beconducted. Thus, for example, the programmer may place an identificationnumber in the buffer 113 and utilize an additional keystroke to indicatethat this identificationnumber is to be inserted into the memory, sothat an additional employee will be granted access. Alternatively, theadditional keystroke may be used to delete this number from memory orsimply to search the memory for this member. In some cases, only asingle keystroke is used, as, for example, when the programmer wishes tosimply increment or decrement the memory address register 77.

Whenever signals are present on line 67 indicating that program accesscontrol has been granted, a line 115 coupled to line 67 enables adisplay 117, the first five digits of which, that is, the identificationnumber digits of which, are provided by the buffer 113. The last digit,reserved for the time code digit from the memory 49, is supplied by theline 91 to the display 117. Thus, the programmer can see theidentification number that the keys into the buffer 113, but his lastkeystroke which indicates the operation he wishes to perform, will notoperate the display 117. Rather, the last keystroke will begin a searchor other operation which will result in dam being placed in the databuffer 79. Ultimately, the last digit of the display 117 will indicatethe results of the search or other step by displaying the last digitfrom the data buffer 79.

The identification number from the buffer 113 is coupled by a line 119to the comparator 83, while the least-significant bit is coupled by aline 121 to a plurality of comparators. If the least-significantkeystroke identifies a memory address incrementing step, data identicalto the keystroke is supplied by a buffer 123 so that a comparator 125supplies a signal on line 127 to an adder 129 which adds unity from aregister 131 to the current value of the address buffer 77, as suppliedon line 133, and supplies the sum back to the address buffer 77 on line135. Thus, each time that this keystroke is entered, the address inregister 77 is incremented by one location, as required by theprogrammer. In a similar fashion, a decrementing keystroke will comparefavorably in a comparator 137 with data from a buffer 139 to provide asignal on Mine 141 to add a minus one in a buffer 143 to the value inthe address buffer 77, as accessed on line 145, so that an adder 147provides on line 149 a decremented address, permitting the programmer todecrement the memory location address in register 77 for programmingpurposes.

If the programmer utilizes a keystroke which requires a search of thememory 69, after first introducing an identification number into thebuffer 113, a search routine will be implemented which will search thememory 49 to determine whether the identification number in the buffer113 exists in the memory 49 and, if so, during what time zones thatindividual is allowed access. This is accomplished by first comparingthe keystroke data with a search keystroke indication in a buffer 151,that a comparator 153 provides a signal on line 155 to enable a gate 157which supplies the identification number from the butter 113 to thecomparator 83. The comparator 83 then initiates a search routine in abinary fashion, as previously described, to ultimately provide on lines91 the decimal digit indicating the time access code for this particularidentification number, which time access code will be displayed on thedisplay 117 along with the identification number which was searched. Ifthe identification number is not in the memory 49, a zero output signalon line 89 will not be produced by the comparator 83, and the gate 93will not be enabled. Thus, no display will appear in theleast-significant bit position of the display 117. Alternatively, thesystem could be designed to provide a zero in the least-significant bitposition of the display 117 if the searched identification number is notpresent in the memory 49.

If, as the least-significant bit after the insertion of anidentification number in the buffer 113, the programmer depresses a keywhich provides an instruction to insert this identification number as anew or additional identification number in the memory 49, a comparator159 will provide an output signal because of identity between thekeystroke data and data from a buffer 161, the signal being providedfrom the comparator 159 on line 163 to initiate the operation of acounter 165. This operation is initiated by placing the pulse on theclocking input 167 of the counter 165 so that the counter counts to itsfirst position, placing an output signal on a 1 count line 169. When asignal is present on line 169, a comparator 171 compares a delimiterregister 173 with a register 175 which stores a count equivalent to thelast storage location in the memory 49. The delimiter register 173, aswill be understood through the following description, is continuouslyupdated so that it stores a number equal to the number of words storedin the memory 49. When the number in the delimiter register 173 is equalto the number stored in the register 175, this is an indication that thememory 49 is full and the comparator 171 will produce a signal on line177 to energize a front panel display 179 indicating to the programmerthat the memory is full, and that no additional identification numbersshould be inserted without first deleting some identification numbers.Furthermore, the full memory indication is not connected to clock thecounter 165, so the insert routine will not continue.

If the memory 49 is not full, the comparator 171 will produce a signalon line 181 indicating that the registers 173 and 175 did not storeequal numbers. This signal on line 181 is used for clocking the counter165 to its second count position, producing a signal on line 183. Theprogrammer will have been told that, prior to an insert operation, asearch operation should be conducted using the comparator 153 so that,at the time the insert operation is conducted, the address buffer 77will be addressing the memory 49 at a location immediately preceding orimmediately following the location where the new identification numbershould be inserted. At the end of the search routine, the comparator 83will provide a plus signal on line 85 if the new data word shouldimmediately precede the present location of the address buffer 77 or aminus signal if it should immediately follow this word. During theinsert routine, the output lines of the comparator 83 are checked at thesecond clock position by ANDing the line 183 in gates 185 and 187 withthe minus line 87 and plus line 85, respectively, from the comparator83. If the minus line 87 contains a logic signal, the AND gate 185produces an output signal on line 189 to again clock the counter 165 toproduce an output signal on its 3-count line 191. If, on the other hand,the plus line 85 is at a positive level, the AND gate 187 will provide asignal on line 193 to a buffer 195 enabling that buffer 195 to input ona plurality of lines 197 to the counter 165 a 6-count, so that thecounter 165 will jump from its 2-count position to its 6-count position.This latter step is necessary so that if the new data word is to bestored at the next data position in memory 49 (a plus signal on line85), a routine will be implemented which skips a data position in thememory 49. If, on the other hand, the present data position where theaddress buffer 77 presently points is not to be skipped (since the newdata word is to go at this present position), the next series of stepsbetween count 2 and count 6 of the counter 165 are used for removing andtemporarily storing the presently addressed word from the memory 49, aswill be seen from a description of these steps.

When the signal on line 189 clocks the counter 165 to its three count,the signal on line 191 enables a gate 194 so that data from the databuffer 79 is accessed in parallel to a temporary storage buffer 196.This step is used to save the identification number in the currentmemory location. It will be seen as this description follows that thecurrent memory location is stored in the next lower memory location,while the word from that lower position is, in turn, stored in the nextsucceeding lower position. Thus, when a new word is placed in memory 49,the counter 165 is used to sequence a repeating routine which shifts theremaining data in the memory 49 toward the bottom of the memory 49 byone step, making room at the proper location in numerical order for thenewly added data word.

Once the current identification number has been stored in the temporaryregister 196, a delay 198 connected to the line 191 is used to clock thecounter 165 to its 4-count position. This 4-count position provides asignal on line 201 which enables a gate 203 connecting the buffer 113 towrite logic 205 associated with the memory 49. Thus, at count 4, thedata previously stored in the current memory location is automaticallyerased and the new identification number is written in this storagelocation. A delay circuit 207 connected to the line 201 is used to againclock the counter 165 at the completion of this writing operation sothat the counter produces a 5-count output on line 211 which accessesthe data word from the temporary buffer 196 into the buffer 113, erasingthe number previously stored in the buffer 113, by enabling a gate 213interconnecting these buffers. This places the number previously storedin the memory 49 (which was removed to make room for the new word) intothe buffer 113, so that, on the next circulation of the counter 165, itcan be written into the next successive location in the memory 49.

A delay 215 connected to line 211 clocks the counter 165 after the datahas been accessed into the buffer 113 and the counter 165 then providesa 6-count output on line 217 which is connected to line 127 to incrementthe addressed location in the memory 49 as previously described. Theline 217 is additionally connected through a delay 219 to clock thecounter 165 to its seventh and final output position. It will berecognized that, at the sixth count position, the signal on line 217incremented the memory 49 location so that the next successive memoryword is being accessed. This memory word should be larger than the wordcurrently in the buffer 113, unless we have reached the end of the datain the memory 49, in which case the new word would be 0,0,0,0 and thussmaller than the word stored presently in the buffer 113. Thus, thesignals on lines 85 and 87 can be utilized to determine whether theinsert routine should stop. The signal on line 221, indicating count 7,is ANDed with the signal on line 85 in AND gate 223 and with the signalon line 87 in AND gate 225. If the AND gate 223 produces an outputsignal, this signal is connected to an incrementing circuit 227 whichis, in turn, connected to increment the delimiting register 173 addingone count to this register. If, on the other hand, the memory transferoperation has not been completed, the output signal from gate 225 willbe used, through a delay 229, to clock the counter 165 back to its3-count position by utilizing a 3-count register 231 to place a count ofthree in the counter 165. Thus, the sequence continuously loops throughcounts 3 through 7 until each of the words in the memory 49 has beenshifted down one count, and the delimiter register 173 has beenincremented. This entire insert routine is shown in the flow chart ofFIG. 3. It can be seen from that low chart that each element of memorydata is shifted toward the end of the memory by one position to makeroom for the new element. The delimiter is then incremented and theprocess comes to a stop.

A similar process is generated by a keyboard keystroke which provides online 121 a delete signal which compares favorably with a delete wordstored in a buffer 233. This sequence is shown in the flow chart of FIG.4 and can be followed there as well as in the schematic diagram of FIG.2. Signals from the comparator 238 connected to the buffer 233 indicatethat a keystroke demanding a dam element deletion from the memory 49 hasbeen made. This signal on line 237 is used to provide the initial inputto a counter 245 used to sequence the deletion process. During the datadeletion process, it is desired to delete the element of data locatedduring a search operation and to shift all of the remaining data withinthe memory 49 to close the gap. Thus, the remaining data in the memory49 must be moved up in the memory by one data position, and thedelimiter 173 must be decremented by one count.

This is accomplished by utilizing the signal on 237 to initiallyincrement the address buffer 77 by providing a signal on line 127. Adelay 239 is used to assure that this incrementing has beenaccomplished, and then provides a signal on line 241 to enable a buffer243 storing a 2-count to input this 2-count into the counter 245 usedfor sequencing the deletion process. In response to the 2-count from thebuffer 243, the counter 245 provides a 2-count output on line 247 whichreads the data word at the incremented location into the temporarybuffer 196 by enabling gate 194. In addition, through a delay 249, thesignal 247 increments the counter 245 at its clocking input 251. Thecounter 245 then provides a 3-count output on line 253 which isconnected to line 141 to decrement the address in the buffer 77. Line253 is additionally connected through a delay 255 to clock the counter245 to a 4-count position producing a signal on line 257. This signal isused to enable gates 213 and 203 to access the data from the temporarybuffer 195 to the write logic 205. This logic 205 then writes the wordin the temporary buffer 195 into the memory location addressed by thebuffer 77 in the memory 49. The signal on line 257, in addition,provides a delayed output from a delay circuit 259 to clock the counter245 to its 5-count position which provides a signal on line 261. Line261 is connected to the line 127 to increment the address buffer 77.This signal is also delayed in a delay circuit 263 to provide anadditional clocking input to the counter 245. In response to thisadditional clocking input, the counter 245 provide a 1 output on line267 which is connected to line 127 to increment the address buffer 77 asecond time, and is additionally ANDed in gates 269 and 271 with theplus signal 85 and minus signal 87. If a minus signal 87 is present, theend of search has been reached and the delimiter register is decrementedby decrementer 272. If a plus signal is present, the gate 269 provides,through a delay 273, a clocking input to the counter 245 to repeat thedata shifting process on the next data word. It can thus be seen thatthe counter 245 is used to sequence a repeating cycle of steps which areused as a looping function to shift all of the data words in the memoryone step toward the beginning of the memory in order to close the gap inthe memory which results from deleting a data word therefrom. The flowchart of FIG. 4 diagrams this process utilizing element numbers from theschematic of FIG. 2.

When, in the course of a searching operation, an identification numberis located, it was explained previously that the data buffer 79provides, through gate a 4-bit output indicating the time of day whenaccess is to be provided for the person having this identificationnumber. This number is accessed by the real-time sensor 51 which, asshown in FIG. 2, includes three separate clocks, 301, 303, and 305, eachof which can provide the closure of switch in response to a particulartime of day setting. Thus, for example, the clock 301 may be set toprovide a switch closure from 8:00 A.M. to 5:00 P.M., the clock 303 from5:00 P.M. to midnight, and the clock 305 from midnight to 8:00 A.M.These three clock switches are accessed to a comparator 307 which is, inturn, provided with signals from the gate 93. If the signals from gate93 conform to the switch closures from the clocks 301 through 305,access is permitted by placing a signal from the comparator 307 on line309 to gate 53. In a typical arrangement, the comparator 307 willprovide an output signal on line 309 if any one of the clock 301-305 isproviding a switch closure and the signal from gate 93 has a 1-bit onthe corresponding line indicating that this employee is to be providedaccess at the time of day indicated by this switch closure. It can beseen that by setting the clocks 301-305 and by giving a particularemployee access at combinations of times from 1, 2, or 3 of theseclocks, total flexibility in timing control can be achieved.Furthermore, by providing a time code on the fourth line from the gate93, the comparator 307 can be made to provide an output signal on line309 at any time of day, irrespective of the condition of the clocks 301through 305, so that, for example, supervisory personnel can be grantedaccess at all times.

Referring once again to FIG. 1, it bears repeating that the remoteterminal 13 of the present invention will operate utilizing its ownmemory 49 and memory control 63 in the manner described. Alternatively,this same remote unit can be utilized by accessing data directly fromthe buffer 47 through the degraded mode sensor 42, shown in FIG. 1, andcomparable so that described in patent application Ser. No. 830,002,filed Sept. 1, 1977, and referenced above. This degraded mode sensor 42will limit access at this remote terminal in accordance with data storedin the memory 69 in the main processing unit 11 until such time as thecommunication lines are degraded. At that time, the memory 49 and itsmemory control 63 will be utilized for limiting access. It can be seen,therefore, that the terminal 13 of the present invention can be usedeither as a stand-alone terminal by bypassing the degraded mode sensor42, or may be used as a remote terminal with a central processor system11, utilizing the degraded mode sensor 42 to impose stand-aloneoperation only if data lines are degraded.

The present invention permits the same data to be stored in the memory69 and the memory 49 so that, even during degraded mode operation,although one of the printer 75 may be lost (so that personnel flow datais no longer available), nevertheless the same limited number ofpersonnel may be granted access at this remote location, so thatsecurity is not degraded.

The preceding embodiment described in reference to FIGS. 1 through 4 isillustrative of a hardwired circuit for performing the functions of thepresent invention. In the preferred embodiment, the functions of theremote units 13 are performed by a microprocessor, as illustrated inFIG. 5. This microprocessor includes a central processing unit 401, suchas a Motorola 6800, which is connected with a memory unit 403, such asan AMI Model SF101. In addition, a scratch pad memory 405 can provided,such as a Motorola 6810. The central processing unit 401 is alsoconnected to a read only memory 407 in a typical fashion to store thecontrol steps for the central processing unit.

As is typical, the central processing unit 401 interfaces with acommunication interface unit, such as a Motorola 6850, 409, forcommunicating with the central processor 11, and may interfere, inaddition, with the card sensor 43 and real-time sensor 51, similar tothose shown in FIG. 1. A peripheral interface adapter 411, such as aMotorola 6820, is used to connect the central processing unit 401 to thedoor access control 54, such as a door strike. The keyboard 55 of FIG. 1may also be connected to the central processing unit 401 through themain data and control bus 413.

It will be recognized by those skilled in the art that the dataprocessing unit, shown in FIG. 5, is typical of many other similar dataprocessing units. What makes this processing unit unique is a programstored in the read-only memory 407 for controlling the operation of thecentral processing unit 401. This program, written for the Motorola6800, is as follows: ##SPC1##

What is claimed is:
 1. A security access system, comprising:a centralprocessor, comprising:a programmable memory storing data specifyingpersonnel access at plural remote terminals; and means for communicatingwith said plural remote terminals; and plural remote terminals connectedby said communicating means with said central processor, eachcomprising:a programmable memory within said terminal storing dataspecifying personnel access for said remote terminal; and means withinsaid terminal for providing selective, programmable access at n remotelocation in response to either said central processor memory data orsaid remote terminal memory data.
 2. A security access system, asdefined in claim 1, wherein said remote terminal additionallycomprises:means for programming said memory for storing differentpersonnel access data in an ordered stack comprising:means for deletingindividual access data from said stack; means for compressing said stackwhenever said stack comprises memory locations from which access datahas been deleted; and means for maintaining the order of said stack. 3.A security access system, as defined in claim 1, wherein said remoteterminal additionally comprises:means for storing data specifying timesof day for access for said same personnel; and means for comparing saidstored time of day data with real time to provide selective access.
 4. Asecurity access system, as defined in claim 3, wherein said meansstoring time of day access data is programmable.
 5. A security accesssystem, as defined in claim 4, wherein said comparing means comprisesplural realtime clocks, each of which is independently setable toprovide access at different times of day.
 6. A security access system,as defined in claim 1, wherein said remote terminal means for providingaccess at a remote location in response to either said central processormemory data or said remote terminal memory data comprises means fordetermining the integrity of communication lines with said centralprocessor and for providing access in response to said remote terminalmemory data if said communication lines are faulty.
 7. A security accesssystem, as defined in claim 1, wherein said remote terminal additionallycomprises:keyboard means; means connecting said keyboard means toprogram said memory; and means connected to said keyboard means and saidmemory for providing selective access at said remote location inresponse to data entered on said keyboard means by personnel requestingaccess.
 8. A security access system, as defined in claim 7, wherein saiddata entered on said keyboard means for providing access is apredetermined permutation and combination of data stored in said memory..Iadd.
 9. A security access system, as defined in claim 1, wherein atleast one of said remote terminals is a unit comprising saidprogrammable memory and said means for providing selective, programmableaccess. .Iaddend..Iadd.10. A security access system, as defined in claim1, wherein at least one of said remote terminals also includes a cardreader. .Iaddend..Iadd.11. A security access system, as defined in claim1, wherein at least one of said remote terminals additionally comprisesmeans responsive to magnetically coded indicia on a card for reading andstoring an identification number peculiar to the holder of said card..Iaddend..Iadd.12. A security access system, as defined in claim 10 or11, wherein at least one of said remote terminals is a unit..Iaddend..Iadd.13. A security access system, as defined in claim 1,wherein at least one of said remote terminals additionally comprises adoor access control. .Iaddend..Iadd.14. A security access system asdefined in claim 1, wherein at least one of said remote terminalsadditionally comprises a keyboard. .Iaddend.